President Obama on Tuesday issued a detailed policy directive on how the U.S. government will handle cybersecurity incidents, including how the public should report hacks and other events, and what government agencies will handle responses.
The directive is the result of months of administration deliberation after major hacks of private and government entities by foreign governments during Obama’s second term. But it was released one day after the FBI announced an investigation into the embarrassing hack of the Democratic National Committee’s emails and the leak of roughly 20,000 emails, amid reports that Russia is responsible.
While most of the directive deals with broad principles undergirding the government’s response to cyberthreats and incidents, it also designates the Department of Homeland Security as the lead federal agency that will respond and try to mitigate the impact of attacks.
The presidential directive says DHS will “coordinate closely with the relevant sector-specific agency, which will depend on what kind of organization is affected by the incident.”
The Office of the Director of National Intelligence through its Cyber Threat Intelligence Integration Center will serve as the lead agency to investigate the cyberincidents in order to “build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities,” the directive states.
For the first time, the directive also reveals how the government determines the severity of a cybersecurity incident. For an event to be considered significant, it must result in “demonstrable harm to the national security interests, foreign relations or economy of the United States or to the public confidence, civil liberties or public health and safety of the American people.”
“When a cyberincident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention,” the directive states. “No two incidents are the same, and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.”
White House press secretary Josh Earnest would not comment Monday about whether Russia was responsible for the DNC email hack, which took place on the eve of the convention, although he noted that private entities that investigated the attack have blamed Russia.
The administration has yet to say whether they are deeming the DNC email hack a “significant” cybersecurity incident that would trigger government mitigation efforts beyond the FBI investigation.
